
An anonymous reader quotes a report from TechCrunch: Facebook will end its unpaid market research programs and proactively take its Onavo VPN app off the Google Play store in the wake of backlash following TechCrunch's investigation about Onavo code being used in a Facebook Research app that sucked up data about teens. The Onavo Protect app will eventually shut down, and will immediately cease pulling in data from users for market research though it will continue operating as a Virtual Private Network in the short-term to allow users to find a replacement. Facebook has also ceased to recruit new users for the Facebook Research app that still runs on Android but was forced off of iOS by Apple after we reported on how it violated Apple's Enterprise Certificate program for employee-only apps. Existing Facebook Research app studies will continue to run, though. Onavo billed itself as a way to "limit apps from using background data and use a secure VPN network for your personal info" but also noted it would collect the "Time you spend using apps, mobile and Wi-Fi data you use per app, the websites you visit, and your country, device and network type." A Facebook spokesperson confirmed the change and provided this statement: "Market research helps companies build better products for people. We are shifting our focus to reward-based market research which means we're going to end the Onavo program."

The first privately funded mission to land on the moon took one giant step forward this evening as an Israeli spacecraft blasted off from Cape Canaveral, Florida. "[I]f the mission is successful, it would make Israel the fourth country to land a spacecraft on the lunar surface -- after the U.S., the former Soviet Union and China," reports NPR. From the report: The spacecraft launched with a Space X Falcon 9 rocket, according to SpaceIL's partner Israel Aerospace Industries. It detached from the reusable rocket, which returned to an off-shore platform. The spacecraft was to make several orbits around Earth, slowly getting closer to the moon. In a difficult maneuver, it was to pivot from orbiting Earth to orbiting the moon, and then eventually attempt a treacherous landing on the moon. The total journey will take several months, with a landing anticipated in mid-April. According to IAI, it would be the "longest journey until landing on the moon, 6.5 million kilometers."
[The spacecraft, which is called Beresheet (Hebrew for "in the beginning")] is covered in gold-colored reflective coating. And as WMFE's Brendan Byrne reported, it's about the size of a kitchen table. It's carrying a digital time capsule which, according to The Jerusalem Post, contains "drawings by Israeli children, the Bible, the national anthem, prayers, Israeli songs and a map of the State of Israel, among other cultural items." The spacecraft is set to run experiments on the moon's surface -- in particular, SpaceIL says it will collaborate with the Weizmann Institute of Science and UCLA to "take measurements of the Moon's mysterious magnetic field."

In response to a mother's inquiry into why her son's gymnastics videos were deemed not advertiser friendly, YouTube said on Twitter it has "taken a number of actions to better protect the YouTube community from content that endangers minors." The video-sharing website went on to say something very concerning for anyone who has ever uploaded a video to the site: "... even if your video is suitable for advertisers, inappropriate comments could result in your video receiving limited or no ads (yellow icon)."
Essentially, what YouTube is saying is that if someone leaves an "incendiary or demeaning" comment, or one with "inappropriate language," the video which features that comment could get demonetized and the content creator would not generate money from it. If you've ever read a comment thread on YouTube, it shouldn't take long for you to realize how big of an issue this could become. According to YouTube's "advertiser-friendly content guidelines," the following content may not be suitable for most advertisers: "controversial issues and sensitive events," "drugs and dangerous products or substances," "harmful or dangerous acts," "hateful content," "inappropriate language," "inappropriate use of family entertainment characters," "incendiary and demeaning [content]," "sexually suggestive content," and/or "violence." The best advice for circumventing this issue is to disable comments entirely, but this would significantly reduce the interaction between the YouTuber and the viewer. "If this is our new reality we're going to need the ability to restrict comments from accounts under 1-4 weeks old," says news commentator and YouTube personality Philip DeFranco. "Sounds like this is prime for weaponization. Also it would probably be best to have an official blog post instead of my tweet as a reference for this change."

An anonymous reader quotes a report from MIT Technology Review: The brains of two genetically-edited girls born in China last year may have been changed in ways that enhance cognition and memory, scientists say. The twins, called Lulu and Nana, were modified using CRISPR, a new gene-editing tool, by a Chinese scientific team to make the girls immune to infection by HIV, the virus that causes AIDS. Now, new research shows the same genetic alteration introduced into the girls' DNA, to a gene called CCR5, not only makes mice smarter, but also improves human brain recovery after stroke, and could be linked to greater success in school.
"The answer is likely yes, it did affect their brains," says Alcino J. Silva, a neurobiologist at the University of California, Los Angeles. Silva's lab has been uncovering a major new role for the CCR5 gene in memory formation and the brain's ability to form new connections. "The simplest interpretation is that those mutations will probably have an impact on cognitive function in the twins," says Silva. He says the exact effect on the girls' cognition is impossible to predict and "that is why it should not be done." The Chinese designer babies were created to be resistant to HIV. A team in Shenzhen, China, led by Southern University of Science and Technology He Jiankui used the gene-editing tool CRISPR to delete a single gene, called CCR5, from human embryos, some of which were later used to create pregnancies. The virus that causes AIDS requires the CCR5 gene to enter human blood cells. The scientist, He Jiankui of the Southern University of Science and Technology in Shenzhen, China, has been fired from the university as He is under investigation in China. There is no evidence that He actually set out to modify the twins' intelligence.

In the event that a traffic light is not working, Waymo's self-driving cars will now be able to use AI to detect and respond to the arm movements of a traffic cop as they wave traffic through an intersection. You can watch a demo of it on YouTube. Futurism reports: Waymo first claimed that its autonomous vehicles could respond to hand signals from nearby cyclists back in 2016. That particular research treated cyclists, from the vehicle's perspective, as obstacles to track and avoid. A new video published by Waymo on Wednesday is the first that shows its vehicles responding to gesture commands -- especially in the absence of the traffic lights on which it would normally rely -- and obeying police orders. The video, which runs at three times normal speed, shows a picture-in-picture display of the car's digital perspective and a video camera as it goes through an intersection.
The video shows the car approach the intersection where a virtual red wall blocks off the road, suggesting that the computer's software responds to the absence of a green light at an intersection the same way as it might to an illuminated red light. The cop in the video, represented by a small prism, teeters across the virtual representation of the intersection before finally waving the Waymo vehicle's vehicle through the intersection and along its way.

Google said it will no longer require current and future staff to go through mandatory arbitration for disputes with the company. "The change goes into effect on March 21," reports CNET. "The search giant will also remove mandatory arbitration from its own employment agreements with contract and temporary staff, though the change won't impact staffing firms." From the report: This comes after Google employees in November walked out of their offices to protest the company's handling of sexual harassment claims. One of their demands was to end forced arbitration in cases of sexual harassment and discrimination. In January, some Google employees launched a social media campaign to pressure the company and other tech companies to drop mandatory arbitration. Mandatory arbitration often means workers can't take their employers to court when they complain internally. The campaign organizers said 60 million Americans are affected by forced arbitration.

Verizon has announced plans to turn on its 5G mobile network in 30 U.S. cities this year. "It revealed the plan during an investor meeting Thursday, though didn't disclose the list of cities," reports Engadget. From the report: Verizon already offers home broadband service via 5G in Los Angeles, Houston, Indianapolis and Sacramento. This month, it hinted at upcoming rollouts in New York City and Atlanta, as well as Medford, Massachusetts, suggesting Verizon will bring 5G to nearby Boston too. The provider plans to flip the switch on its mobile 5G network in the first half of this year, and it will expand its home 5G service to more markets later in 2019. One of the first phones to support Verizon's nascent 5G network will be the Samsung Galaxy S10 5G, which was unveiled yesterday at Samsung's Unpacked event. The device has a larger screen and battery than the S10 Plus, and will temporarily be a Verizon exclusive before expanding to other carriers in the weeks after launch. It's slated to go on sale sometime "in the first half of 2019."

An anonymous reader quotes a report from Motherboard: Switzerland made headlines this month for the transparency of its internet voting system when it launched a public penetration test and bug bounty program to test the resiliency of the system to attack. But after source code for the software and technical documentation describing its architecture were leaked online last week, critics are already expressing concern about the system's design and about the transparency around the public test. Cryptography experts who spent just a few hours examining the leaked code say the system is a poorly constructed and convoluted maze that makes it difficult to follow what's going on and effectively evaluate whether the cryptography and other security measures deployed in the system are done properly.
"Most of the system is split across hundreds of different files, each configured at various levels," Sarah Jamie Lewis, a former security engineer for Amazon as well as a former computer scientist for England's GCHQ intelligence agency, told Motherboard. "I'm used to dealing with Java code that runs across different packages and different teams, and this code somewhat defeats even my understanding." She said the system uses cryptographic solutions that are fairly new to the field and that have to be implemented in very specific ways to make the system auditable, but the design the programmers chose thwarts this. "It is simply not the standard we would expect," she told Motherboard. [...] It isn't just outside attackers that are a concern; the system raises the possibility for an insider to intentionally misconfigure the system to make it easier to manipulate, while maintaining plausible deniability that the misconfiguration was unintentional. "Someone could wire the thing in the wrong place and suddenly the system is compromised," said Lewis, who is currently executive director of the Open Privacy Research Society, a Canadian nonprofit that develops secure and privacy-enhancing software for marginalized communities. "And when you're talking about code that is supposed to be protecting a national election, that is not a statement someone should be able to make." "You expect secure code to be defensively written that would prevent the implementers of the code from wiring it up incorrectly," Lewis told Motherboard. But instead of building a system that doesn't allow for this, the programmers simply added a comment to their source code telling anyone who compiles and implements it to take care to configure it properly, she said. The online voting system was developed by Swiss Post, the country's national postal service, and the Barcelona-based company Scytl. 
"Scytl claims the system uses end-to-end encryption that only the Swiss Electoral Board would be able to decrypt," reports Motherboard. "But there are reasons to be concerned about such claims."

ICANN has appointed Cyrus Namazi for its newly created position of Senior Vice President of the Global Domains Division (GDD). As a member of the Executive Team, Namazi will report to ICANN President and CEO, Göran Marby. From the announcement: "The Global Domains Division was initially established in 2013 to handle the increase in scale resulting from the New gTLD Program and to ensure ICANN's operational excellence. Since joining ICANN in 2013, Namazi has served as Vice President of the group's Domain Name Services & Industry Engagement activities, responsible for managing ICANN's relationships with contracted parties; implementing and supporting the lifecycle of policies, services and contracts; and providing subject matter expertise across the ICANN organization and community. He has served as second in command of GDD since 2016, and most recently as interim head of GDD."

Consumer Reports is pulling its recommendation of the Tesla Model 3, citing reliability issues with the car. "Tesla buyers are more likely to be satisfied with their car than customers of any other brand, according to Consumer Reports," reports CNN. "Yet the publication says many customers reported problems with the Model 3, including loose body trim and glass defects." From the report: "Consumers expect their cars to last -- and not be in the repair shop. That's why reliability is so important," said Jake Fisher, senior director of automotive testing at Consumer Reports.
Tesla pointed to its overall customer satisfaction rating from Consumer Reports and said it has corrected many of the problems found in the survey.
"We take feedback from our customers very seriously and quickly implement improvements any time we hear about issues," said the company statement. It said the survey was conducted from July through September, "so the vast majority of these issues have already been corrected through design and manufacturing improvements, and we are already seeing a significant improvement in our field data." Last May, the product testing website failed to give the Model 3 a recommendation due to issues with braking, but ultimately reversed its decision after Tesla released a firmware update improving the car's braking distance by nearly 20 feet.

Google today launched another new top-level domain, .dev, to the public, aimed as a secure domain for developers and the tech community. As with Google's previously launched domain extensions .app and .page, the .dev domain is initially available for registration through an early access program for an additional fee until February 28. The domain has already attracted some big names with live sites under .dev including GitHub, Mozilla, Slack, CloudFlare and Salesforce. Google itself has also started using the domain for projects such as web.dev and opensource.dev. "Google has actually been sitting on the .dev top-level domain since 2015," reports Kieren McCarthy in The Register. "[Google] did a deal with Amazon to swap ownership of .book and .talk in return for .dev and .drive."

AmiMoJo shares a report from The Register: Privacy warriors have filed fresh evidence in their ongoing battle against real-time web ad exchange systems, which campaigners claim trample over Europe's data protection laws. The new filings -- submitted today to regulators in the UK, Ireland, and Poland -- allege that Google and industry body the Interactive Advertising Bureau (IAB) are well aware that their advertising networks flout the EU's privacy-safeguarding GDPR, and yet are doing nothing about it. The IAB, Google -- which is an IAB member -- and others in the ad-slinging world insist they aren't doing anything wrong. The fresh submissions come soon after the UK Information Commissioner's Office (ICO) revealed plans to probe programmatic ads. These are adverts that are selected and served on-the-fly as you visit a webpage, using whatever personal information has been scraped together about you to pick an ad most relevant to your interests. [...] The ICO's investigation will focus on how well informed people are about how their personal information is used for this kind of online advertising, which laws ad-technology firms rely on for processing said private data, and whether users' data is secure as it is shared on these platforms.

An anonymous reader quotes a report from BuzzFeed News: A viral photo showing a camera in a Singapore Airlines in-flight TV display recently caused an uproar online. The image was retweeted hundreds of times, with many people expressing concern about the privacy implications. As it turns out, some seat-back screens in American Airlines' premium economy class have them, too. Sri Ray was aboard an American Airlines Boeing 777-200 flight to Tokyo in September 2018 when he noticed something strange: a camera embedded in the seat back of his entertainment system. The cameras are also visible in this June 2017 review of the airline's premium economy offering by the Points Guy, as well as this YouTube video by Business Traveller magazine.
American Airlines spokesperson Ross Feinstein confirmed to BuzzFeed News that cameras are present on some of the airlines' in-flight entertainment systems, but said "they have never been activated, and American is not considering using them." Feinstein added, "Cameras are a standard feature on many in-flight entertainment systems used by multiple airlines. Manufacturers of those systems have included cameras for possible future uses, such as hand gestures to control in-flight entertainment." After Twitter user Vitaly Kamluk saw a similar lens on Singapore Airlines and tweeted photos of the system last week, the airline responded from its official Twitter account, saying the cameras were "disabled." Still, the airlines could quell passengers' concerns by covering the lenses with a plastic cover, if indeed there is no use for the camera.

Ontario Liberal Member of Provincial Parliament (MPP) Michael Coteau has introduced a bill to enable consumers and independent professionals to repair brand-name computers and phones easily and economically. Jordan Pearson reporting in Motherboard: "Manufacturers make it incredibly difficult to repair our broken devices ourselves. Instead of taking a smashed phone to a local repair professional for an affordable fix, a complex matrix of trade secrets and government intervention often means consumers have to make a pricey trip to the Genius Bar or buy a new device entirely. This is bad for your wallet, but also bad for the planet. ... On Thursday, Coteau introduced a private member's bill in provincial parliament that, if passed, would be the first 'right to repair' law for electronic devices in North America. More than a dozen US states are currently considering similar bills, but nothing is on the books yet in the US or in Canada."

The Repair Association, a non-profit group advocating the right to repair movement in the U.S., emphasizes the need for such laws, stating: "The presence of technology parts in modern equipment has enabled manufacturers to reduce access to repair by proclaiming that repair might violate their 'Proprietary' rights. This is a marketing ruse and not grounded in law. Manufacturers do not have any rights to control property beyond the sale. Limitations on repair have become a serious problem for all modern equipment that also limits how equipment can be traded on the used market."

It is argued that the template for Right to Repair is similar to laws applied to the U.S. auto repairs agreed by the auto industry in 2012 (and later adopted by Commercial Trucks industry in 2015) in support of independent repair.

The unusual move is set to be rolled out by Personalised Plates Queensland (PPQ) from next month, allowing drivers to adorn their number plates with a touch of emotion. From a report: Royal Automobile Club of Queensland (RACQ) spokeswoman Rebecca Michael said it was no different from allowing drivers to express themselves with other available themes like their favorite footy team. "For quite some time we've seen that you can support your favourite team or your favourite town with a symbol on your number plate," Dr Michael told 7News Brisbane.
"And using an emoji is no different." But before your mind goes straight to the gutter, no, you won't be able to completely replace the letters and numbers on your number plate with an eggplant or smiling poo emoji. The smartphone symbols won't be included in rego numbers and are simply decorative.

AmiMoJo writes: Nike users are experiencing some technical difficulties in the wild world of connected footwear. Nike's $350 "Adapt BB" sneakers are the latest in the company's line of self-lacing shoes, and they come with the "Nike Adapt" app for Android and iOS. The app pairs with the shoes and lets you adjust the tightness of the laces, customize the lights (yeah, there are lights), and see, uh, how much battery life your shoes have left. The only problem: Nike's Android app doesn't work. Android users report that their new kicks aren't pairing with the app properly, and some customers report failed firmware updates for the shoes, which render them unable to pair with the app at all. "My left shoe won't even reboot," writes one owner.

Canada is the newest frontier in the fight for the "right to repair" after an Ontario politician introduced a bill on Thursday that would ensure individuals and independent professionals can repair brand-name computers and phones cheaply and easily. From a report: Manufacturers make it incredibly difficult to repair our broken devices ourselves. Instead of taking a smashed phone to a local repair professional for an affordable fix, a complex matrix of trade secrets and government intervention often means consumers have to make a pricey trip to the Genius Bar or buy a new device entirely. This is bad for your wallet, but also bad for the planet.
Ontario Liberal Party MPP Michael Coteau ran into this issue head-first after his daughter dropped his Samsung smartphone. An official repair job from the manufacturer was more expensive than just getting a new phone from his carrier, he told me over the phone. "It's a shame," Coteau said, "because the Samsung S8 was very good for me. Everything was perfect. I would've kept using it. But now I've replaced it." On Thursday, Coteau introduced a private member's bill in provincial parliament that, if passed, would be the first "right to repair" law for electronic devices in North America. More than a dozen US states are currently considering similar bills, but nothing is on the books yet in the US or in Canada.

An anonymous reader shares a report: Facebook makes money by charging advertisers to reach just the right audience for their message -- even when that audience is made up of people interested in the perpetrators of the Holocaust or explicitly neo-Nazi music. Despite promises of greater oversight following past advertising scandals, a Times review shows that Facebook has continued to allow advertisers to target hundreds of thousands of users the social media firm believes are curious about topics such as "Joseph Goebbels," "Josef Mengele," "Heinrich Himmler," the neo-nazi punk band Skrewdriver and Benito Mussolini's long-defunct National Fascist Party.
Experts say that this practice runs counter to the company's stated principles and can help fuel radicalization online. "What you're describing, where a clear hateful idea or narrative can be amplified to reach more people, is exactly what they said they don't want to do and what they need to be held accountable for," said Oren Segal, director of the Anti-Defamation League's center on extremism. After being contacted by The Times, Facebook said that it would remove many of the audience groupings from its ad platform.

Japan, a country which frequently suffers natural calamities such as tsunamis, typhoons, and earthquakes, is looking to further harness the power of batteries used in electric vehicles (EVs) during such disasters, local media reports. From a report: Nissan, which produces the Leaf, the world's best-selling EV model, plans to hold an event in March to let people stay overnight in their cars and try using the electricity stored in their car batteries to simulate the experience of being in an emergency, according to Japanese newswire Jiji. A fully charged electric vehicle can supply power to a standard home for up to four days, a Nissan official told the news outlet. The company last year came to an agreement with Tokyo's Nerima Ward and the city of Yokosuka to provide EVs for free in emergency situations. Nerima also last year (link in Japanese) implemented a system whereby owners of EVs would be able to loan their vehicles out for free to those in need during a disaster, and also started using EVs for its fleet of police patrol cars.

Microsoft is shipping a patch to eliminate SHA-1 hashes from its update process. There's nothing wrong with eliminating SHA-1 — but their reasoning may be very interesting.

SHA-1 is a "cryptographic hash function". That is, it takes an input file of any size and outputs 20 bytes. An essential property of cryptographic hash functions is that in practice (though obviously not in theory), no two files should have the same hash value unless the files are identical.

SHA-1 no longer has that property; we've known that for about 15 years. But definitions matter. SHA-1 is susceptible to a "collision attack": an attacker can simultaneously create two files that have the same SHA-1 hash. However, given an existing file and hence its hash, it is not possible, as far as anyone knows, to generate a second file with that same hash. This attack, called a "pre-image attack", is far more serious. (There's a third type of attack, a "second pre-image attack", which I won't go into.)

In the ordinary sequence of events, someone at Microsoft prepares an update file. Its hash — its SHA-1 hash, in many cases — is calculated; this value is then digitally signed. Someone who wished to create a fake update would have to crack either the signature algorithm or, somehow, produce a fake update that had the same hash value as the legitimate update. But that's a pre-image attack, and SHA-1 is still believed to be secure against those. So: is this update useless? Not quite — there's still a risk.

Recall that SHA-1 is vulnerable to a collision attack. This means that if two updates are prepared simultaneously, one good and one evil, there can be a signed, malicious update. In other words, the threat model here is a corrupt insider. By eliminating use of SHA-1 for updates, Microsoft is protecting users against misbehavior by one of its own employees.
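The hash-then-sign flow and the insider scenario above can be made concrete with a toy model. This is an added example, not code from the article or from Microsoft. It assumes a 24-bit truncation of SHA-1 as a stand-in for a collision-prone hash, an HMAC as a stand-in for the digital signature, and constructed file contents and key.

```python
import hashlib
import hmac

# Assumptions for this demo: every name and value below is constructed.
TOY_BITS = 24  # toy digest size so the search finishes in moments
SIGNING_KEY = b"constructed-demo-signing-key"


def weak_digest(data: bytes) -> bytes:
    """Stand-in for a collision-prone hash: SHA-1 truncated to 24 bits."""
    return hashlib.sha1(data).digest()[: TOY_BITS // 8]


def strong_digest(data: bytes) -> bytes:
    """Full-length SHA-256, for which no practical collision search is known."""
    return hashlib.sha256(data).digest()


def sign(digest: bytes) -> bytes:
    """HMAC stands in for the vendor's digital signature over the digest."""
    return hmac.new(SIGNING_KEY, digest, hashlib.sha256).digest()


def verify(update: bytes, signature: bytes, digest_fn) -> bool:
    """Client-side check: recompute the digest, then check the signature."""
    return hmac.compare_digest(sign(digest_fn(update)), signature)


def prepare_colliding_pair():
    """Collision setting: the preparer controls BOTH files before signing and
    varies padding in each until a benign and an altered file share a digest.
    Expected work is about 2**(TOY_BITS/2) rounds (birthday bound)."""
    benign_seen, altered_seen = {}, {}
    n = 0
    while True:
        benign = b"update v1.0 payload=benign pad=%d" % n
        altered = b"update v1.0 payload=altered pad=%d" % n
        bd, ad = weak_digest(benign), weak_digest(altered)
        benign_seen[bd] = benign
        altered_seen[ad] = altered
        if bd in altered_seen:
            return benign, altered_seen[bd], n + 1
        if ad in benign_seen:
            return benign_seen[ad], altered, n + 1
        n += 1


def match_existing_file(target: bytes, budget: int):
    """Existing-file setting: the signed file is fixed, so each try must hit
    one specific digest; expected work is about 2**TOY_BITS tries."""
    want = weak_digest(target)
    for n in range(budget):
        candidate = b"update v1.0 payload=altered try=%d" % n
        if weak_digest(candidate) == want:
            return candidate
    return None


if __name__ == "__main__":
    benign, altered, rounds = prepare_colliding_pair()
    signature = sign(weak_digest(benign))  # only the benign file gets signed
    print("rounds needed for a colliding pair:", rounds)
    print("benign verifies: ", verify(benign, signature, weak_digest))
    print("altered verifies:", verify(altered, signature, weak_digest))
    outsider = match_existing_file(benign, rounds)
    print("existing-file match within the same budget:", outsider is not None)
    strong_sig = sign(strong_digest(benign))
    print("altered verifies under SHA-256:",
          verify(altered, strong_sig, strong_digest))
```

The signature only ever covers the digest, so the client cannot tell the two files apart once their digests match; moving the digest to SHA-256 is what breaks the pairing.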

Now, perhaps this is just housekeeping. Microsoft can get SHA-1 out of its code base, and thus discourage its use. And it's past time to do that; the algorithm is about 25 years old and does have serious weaknesses. But it's also recognition that an insider who turns to the Dark Side can be very dangerous.

Written by Steven Bellovin, Professor of Computer Science at Columbia University